Cyber threats are one of the biggest security risks of the 21st century
The increasing use of new technologies, self-learning machines, cloud computing, digital ecosystems, new communication standards like 5G and our dependence on intelligent devices are all parts of the global digital transformation of businesses and society. In 2017, 27 billion devices around the world were online, but this number is set to increase five-fold to 125 billion by the year 2030.
In virtually every sector, automated processes are delivering greater efficiency and therefore higher productivity. By analysing a wide range of data, businesses also hope to gain new insights into existing and prospective customers, their purchasing behaviour, or the risk that they might represent. This will facilitate a more targeted customer approach. At the same time, greater levels of interconnection are leading to new business models. Examples include successful sharing concepts and online platforms. Opportunities for all industries are auspicious.
New technologies bring new vulnerabilities
Bright lights cast dark shadows: Promising, future-oriented opportunities also entail inherent and sometimes hidden risks. Espionage, sabotage, data theft – losses from cyber attacks cost companies millions and are increasing all the time.
Cyber risks difficult to assess
Cyber risks pose unique challenges for the insurance industry, above all in connection with accumulation risk: a single cyber event can impact many different companies at the same time, as well as leading to business interruption at yet more companies.
How can the market opportunities be exploited, while at the same time managing the new risks? Are cyber risks ultimately uninsurable, as many industry representatives maintain? One thing is certain: there are a number of extreme risks that the insurance industry cannot bear alone. At present, these include network outages that interrupt the electricity supply, or internet and telecommunication connections. Scenarios like these, and the costs that come with them, should be borne jointly by governments and companies, for example in the form of pool solutions.
Cyber as a new type of risk
There are key differences between cyber risks and traditional risks. Historical data such as that applied to calculate future natural hazards, for example, cannot tell us much about future cyber events. Data from more than ten years ago, when there was no such thing as cloud computing and smartphones had not yet taken off, are of little use when assessing risks from today’s technologies. Insurers and reinsurers must be able to recognise and model the constantly evolving risks over the course of these rapid advances in technology. An approach that relies on insurance expertise alone will rapidly reach its limits. Instead, the objective of all participants should be to create as much transparency as possible as regards cyber risks. IT specialists, authorities, and the scientific and research communities can all help to raise awareness of the risks and contribute their expertise for the development of appropriate cyber covers.